Ticket #90 (closed defect)

Opened 8 years ago

Last modified 8 years ago

auth_cookie generation is broken (channel_x11_req)

Reported by: ohervieu Owned by: bagder
Priority: normal Milestone:
Component: misc Version:
Keywords: Cc: ohervieu, bagder
Blocked By: Blocks:

Description

Hi guys,

When using libssh2_channel_x11_req, on linux, the auth_cookie is generated by the following code :

unsigned char buffer[LIBSSH2_X11_RANDOM_COOKIE_LEN / 2];
libssh2_random(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2);
for(i = 0; i < (LIBSSH2_X11_RANDOM_COOKIE_LEN / 2); i++) {

snprintf((char *) s + (i * 2), 2, "%02X", buffer[i]);

}

where s is a buffer of LIBSSH2_X11_RANDOM_COOKIE_LEN length.

When executing this, I always have a strange generated cookie. On the server side, sshd says :
/usr/bin/X11/xauth: (stdin):2: key contains odd number of or non-hex characters

In fact the auth_cookie sent has a length of .... 1.

Refering to the man page of snprintf, it says : The functions snprintf() and vsnprintf() write at most size bytes (including the trailing null byte (’\0’)) to str.

So, if you a define a buffer : buffer[]="AAAAAAAAAAAAAAAA"

snprintf((char *)s +(i*2),2,"%02X", buffer[i]);

will always write '4\0' in the buffer for each loop of the for statement.

So, a correct cookie is generated by using :

snprintf((char *)s +(i*2),2+1 ,"%02X", buffer[i]);

Regards,

Olivier

Change History

comment:1 Changed 8 years ago by bagder

Thanks, fixed committed to CVS just now!

comment:2 Changed 8 years ago by bagder

Ugh, how did I make it 'duplicate' ? Ok, should be fine now

Note: See TracTickets for help on using tickets.